Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) Responsive to communication(s) filed on 05 February 2004. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

4) [X] Claim(s) 7-36 is/are pending in the application. 

5) [ ] Claim(s) is/are allowed. 

6) [X] Claim(s) 1-36 is/are rejected. 

7) [ ] Claim(s) is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

1. [ ] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No. . 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)). 

* See the attached detailed Office action for a list of the certified copies not received. 

DETAILED ACTION 

1. Claims 1-36 have been examined. 

Response to Amendment 

2. Examiner withdraws the objection to the title as the amended title overcomes the 
objection. 

3. The Declaration filed on February 5, 2004 under 37 CFR 1.131 is sufficient to 
overcome the Lai reference. However, in reconsideration of the present prior art, the 
claims presented by the applicant are found to be unpatentable over Stallings in view of 
Bryant and Wu as outlined below. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-4, 8, 10-16, 20, 22-28, 32, and 34-36 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Stallings Cryptography and Network Security 2nd 
Edition (hereinafter Stallings) in view of Bryant "Designing an Authentication System: a 
Dialogue in Four Scenes" (hereinafter Bryant). The user authentication method, as 
claimed by the applicant, reads into basic trusted third party authentication 
methodologies using encrypted credentials or certificates for user verification, which is 
provided by the third party. Kerberos, an authentication service developed as part of 
the Athena project at MIT, is one of the better-known and implemented services that 
follow this authentication format. The features of Kerberos are more comprehensive 
than the invention claimed by the applicant, but, in spirit, the applicant's invention 
follows the same procedure to authenticate a user to a service. Stallings predicates the 
disclosure of the Kerberos authentication service with a description of a simple 
authentication procedure to provide an overview of the general structure of Kerberos. 
This simple authentication dialogue substantially covers the claimed invention. 

6. As per claim 1, Stallings discloses a simple authentication dialogue that uses a 
central authentication server to log a client onto a network of distributed services (see 
Stallings, page 326, 'A Simple Authentication Dialogue'). This simple authentication 
dialogue uses a centralized server to securely identify users by obtaining information 
from the user and then sending a ticket back to the user, which comprises an 
encrypted message containing the identification of the client, the network address of the 
client, and the identifier of the service. This generated ticket, in addition to an identifier 
of the client, is sent to the service, whereupon, the service decrypts the ticket and 
compares the identification with the parsed identification. Since only the authentication 
server and the service share the private encrypted key, only the authentication server 
could have encrypted the ticket when issued to the client. Hence, if the parsed id 



Application/Control Number: 09/513,065 Page 4 

Art Unit: 2132 

matches the id sent by the client, then the request is accepted (see Stallings, page 326, 
steps 1, 2, and 3). Stallings does not explicitly disclose that the ticket contains both a 
username and a computer identifier to authenticate a parsed username and parsed 
computer identifier. However, other disclosures of the Kerberos system that detail the 
makeup of the issued tickets specify the use of a computer identifier in addition to the 
username. Bryant discloses the inclusion of a workstation address in the ticket issued 
by the Kerberos authentication method to prevent an unscrupulous workstation from 
intercepting an issued ticket to a valid workstation and using the ticket to access the 
service under the guise of the valid workstation (see Bryant, page 5, especially 8th 
paragraph "Athena:"). It would be obvious to one of ordinary skill in the art at the time 
the invention was made, for the identity of a user during a session to comprise a 
username and a computer identification as taught by Bryant in the simple authentication 
dialogue as taught by Stallings. Motivation for such an implementation would enable 
the invention to prevent identity duplicity by ascertaining a user by a unique name and a 
computer identifier. As such, the invention covered by Stallings comprises the following 
steps of: 

a. receiving an authentication key, a user name, and a computer identifier 
(see Stallings, page 326, 3rd paragraph, step 3 as modified by Bryant, page 5, 
especially 8th paragraph "Athena:"; wherein the authentication key is effectively 
the Ticket, the user name is the user id, and the computer identifier is the 
workstation address); 

b. parsing the authentication key to obtain a parsed user name and computer 
identifier (see Stallings page 326, 4th paragraph; 2nd sentence; definition of 
"Ticket"); 

c. validating the received user name and computer identifier using the 
parsed user name and computer identifier (see Stallings, page 326 2nd sentence 
as modified by Bryant, page 5, especially 8th paragraph "Athena:"). 

The aforementioned covers claim 1. 
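
The exchange described above for claim 1 (the authentication server issues a ticket; the service decrypts it, parses it and compares the parsed values with the received ones), as an added Python example that is not part of this Office action or of the cited references. The function names, the JSON ticket layout and the HMAC-SHA256 keystream plus MAC, which stands in for the symmetric cipher under the key shared by the authentication server and the service, are assumptions.

```python
import hashlib
import hmac
import json
import os

def _subkey(k_v: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the shared service key.
    return hmac.new(k_v, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def issue_ticket(k_v: bytes, id_c: str, ad_c: str, id_v: str) -> bytes:
    """Authentication server: Ticket = E(K_v, [ID_C, AD_C, ID_V])."""
    body = json.dumps({"id_c": id_c, "ad_c": ad_c, "id_v": id_v}).encode()
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(k_v, b"enc"), nonce, body)
    tag = hmac.new(_subkey(k_v, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def validate(k_v: bytes, id_v: str, ticket: bytes,
             recv_id_c: str, recv_ad_c: str) -> bool:
    """Service: steps a-c (receive, decrypt and parse, compare)."""
    if len(ticket) < 48:  # 16-byte nonce + 32-byte tag at minimum
        return False
    nonce, ct, tag = ticket[:16], ticket[16:-32], ticket[-32:]
    good = hmac.new(_subkey(k_v, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return False  # not produced under the shared key, or altered
    parsed = json.loads(_xor_stream(_subkey(k_v, b"enc"), nonce, ct))
    # The workstation-address check is what stops a ticket captured on the
    # wire from being replayed from a different machine.
    return (parsed["id_c"], parsed["ad_c"], parsed["id_v"]) == \
           (recv_id_c, recv_ad_c, id_v)

# Constructed sample values, for illustration only.
K_V = b"constructed-shared-key-AS-and-V!"
TICKET = issue_ticket(K_V, "alice", "10.0.0.5", "fileserver")
```
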

7. As per claim 2, Stallings covers a method of providing security for a computer 
connected to a data store as outlined above in the claim 1 rejection under 35 U.S.C. 
103(a). In addition, the validating step comprises determining whether the received 
user name and computer identifier match the parsed user name and computer identifier 
(see Stallings, page 326, step 3; final paragraph). 

8. As per claim 3, Stallings covers a method of providing security for a computer 
connected to a data store as outlined above in the claim 2 rejection under 35 U.S.C. 
103(a). In addition, a match indicates that the received user name and computer 
identifier are valid (see Stallings, page 326, step 3; constitution of 'Ticket'; final 
paragraph). 

9. As per claim 4, Stallings covers a method of providing security for a computer 
connected to a data store as outlined above in the claim 1 rejection under 35 U.S.C. 
103(a). In addition, the method further comprises, before parsing, decrypting the 
authentication key (see Stallings, page 326, final paragraph). 

10. As per claim 8, Stallings covers a method of providing security for a computer 
connected to a data store as outlined above in the claim 1 rejection under 35 U.S.C. 
103(a). In addition, the method further comprises generating the authentication key 
(see Stallings, page 326, third paragraph; step 2). 

11. As per claim 10, Stallings covers a method of providing security for a computer 
connected to a data store as outlined above in the claim 8 rejection under 35 U.S.C. 
103(a). In addition, the method further comprises encrypting the authentication key 
(see Stallings, page 326, third paragraph). 

12. As per claim 11, Stallings covers a method of providing security for a computer 
connected to a data store as outlined above in the claim 8 rejection under 35 U.S.C. 
103(a). In addition, the method further comprises forwarding the authentication key to a 
user (see Stallings, page 326, third paragraph). 

13. As per claim 12, it is a method claim corresponding to claims 1-3 and it does not 
teach or define above the information claimed in claims 1-3. Therefore, claim 12 is 
rejected under Stallings in view of Bryant for the same reasons set forth in the rejections 
of claims 1-3. 

14. As per claims 13-16, 20, and 22-24, they are apparatus claims corresponding to 
claims 1-4, 8, and 10-12, and they do not teach or define above the information claimed 
in claims 1-4, 8, and 10-12. Therefore, claims 13-16, 20, and 22-24 are rejected under 
Stallings in view of Bryant for the same reasons set forth in the rejections of claims 1-4, 
8, and 10-12. 

15. As per claims 25-28, 32, and 34-36, they are article of manufacture claims 
corresponding to claims 1-4, 8, and 10-12 and they do not teach or define above the 
information claimed in claims 1-4, 8, and 10-12. Therefore, claims 25-28, 32, and 34-36 
are rejected under Stallings in view of Bryant for the same reasons set forth in the 
rejections of claims 1-4, 8, and 10-12. 

16. Claims 5, 6, 7, 9, 17, 18, 19, 21, 29, 30, 31, and 33 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Stallings in view of Bryant, and further in view 
of Wu et al. U.S. Patent No. 5,774,551 (hereinafter Wu). As per claim 5, Stallings 
covers a method of providing security for a computer connected to a data store as 
outlined above in the claim 1 rejection under 35 U.S.C. 103(a). Stallings is silent on the 
matter of logging on to a server with a server identifier and server password once the 
user identifier and computer identifier are authenticated. However, authentication 
means based on a unified login method wherein access into a service is enabled by the 
above means is found in a plurality of devices including one disclosed by Wu. Wu 
teaches a method of logging in to a plurality of services, each with their own 
authentication restrictions, by means of a primary authentication module, wherein once 
a user is authenticated by this primary authentication module, access to the individual 
services is enabled transparently (see Wu, col. 3, line 45-col. 4, line 2). It would be 
obvious to one of ordinary skill in the art at the time the invention was made to log an 
authenticated user to a server using a server user identifier and server user password. 
Motivation for such an implementation enables a unified login and hence simplification 
of the authentication requirements by the user to access a plurality of resources as 
taught by Wu (see Wu, col. 3, lines 50-55). 

17. As per claim 6, Stallings covers a method of providing security for a computer 
connected to a data store as outlined above in the claim 5 rejection under 35 U.S.C. 
103(a). In addition, the server user identifier and server user password is obtained by 
parsing the authentication key (see Wu, col. 3, lines 57-66; Figure 4). 

18. As per claim 7, Stallings covers a method of providing security for a computer 
connected to a data store as outlined above in the claim 6 rejection under 35 U.S.C. 
103(a). Stallings does not expressly disclose that a plurality of users share a server 
user identifier and corresponding password. However, the use of a shared user identity 
to logon to a service is notoriously well known in the art. Shared user identities include 
a range of roles, which cover everything from a default user or guest user for restricted 
access, to an administrator or root user for privileged access. Examiner takes Official 
Notice of this teaching. It would be obvious to one of ordinary skill in the art at the time 
the invention was made for a plurality of users to share a server user identifier and 
corresponding password. Motivation for such an implementation enables a simple 
means to classify user access. 

19. As per claim 9, Stallings covers a method of providing security for a computer 
connected to a data store as outlined above in the claim 7 and 8 rejections under 35 
U.S.C. 103(a). In addition, the primary and secondary tokens disclosed by Wu, which 
contain the primary authentication context and the secondary authentication context 
respectively, comprise the authentication key as claimed by the applicant. Hence, the 
limitation of claim 9 is covered by Stallings in view of Bryant and Wu. 

20. As per claims 17-19 and 21, they are apparatus claims corresponding to claims 
5-7 and 9 and they do not teach or define above the information claimed in claims 5-7 
and 9. Therefore, claims 17-19 and 21 are rejected under Stallings in view of Bryant 
and Wu for the same reasons set forth in the rejections of claims 5-7 and 9. 

21. As per claims 29-31 and 33, they are article of manufacture claims corresponding 
to claims 5-7 and 9 and they do not teach or define above the information claimed in 
claims 5-7 and 9. Therefore, claims 29-31 and 33 are rejected under Stallings in view of 
Bryant and Wu for the same reasons set forth in the rejections of claims 5-7 and 9. 

Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W Kim whose telephone number is (703) 305-8289. 
The examiner can normally be reached on M-F 9:00-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (703) 305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 